Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
03/05/2024, 20:32
General
-
Target
37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9.exe
-
Size
93KB
-
MD5
c594efd69a4ad1586e3aa2f1e48e6f7c
-
SHA1
00c1f171670367fe20f7a496b0f4c8ef17c2d270
-
SHA256
37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9
-
SHA512
419f9cc27c85170d9dea63a54e7c6a61c3e6d2a385fd153eb7af51114da531896998283b8409a808bf3bc0004c3f48e48ce926347392d47767c709b32cd881f5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTrB:ymb3NkkiQ3mdBjFIj+qNhvZuHQYfB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9.exe"C:\Users\Admin\AppData\Local\Temp\37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrlf.exec:\lflrrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntbh.exec:\thntbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttntn.exec:\bttntn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnh.exec:\nhnbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffffff.exec:\rffffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxfxx.exec:\1xfxfxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnntt.exec:\9tnntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjj.exec:\vpvjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxxf.exec:\frlrxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbh.exec:\tnttbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnttn.exec:\7bnttn.exe17⤵
- Executes dropped EXE
-
\??\c:\3jjpj.exec:\3jjpj.exe18⤵
- Executes dropped EXE
-
\??\c:\frxfffr.exec:\frxfffr.exe19⤵
- Executes dropped EXE
-
\??\c:\xlxrxxl.exec:\xlxrxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\htbhhh.exec:\htbhhh.exe21⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe22⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxrrrxr.exec:\lxrrrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\xflxxxx.exec:\xflxxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\1bnhnn.exec:\1bnhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe28⤵
- Executes dropped EXE
-
\??\c:\9lxllfl.exec:\9lxllfl.exe29⤵
- Executes dropped EXE
-
\??\c:\9rrrrrx.exec:\9rrrrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe31⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe32⤵
- Executes dropped EXE
-
\??\c:\7pjjj.exec:\7pjjj.exe33⤵
- Executes dropped EXE
-
\??\c:\flrrllr.exec:\flrrllr.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrxfxx.exec:\rlrxfxx.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrrxrl.exec:\xlrrxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\lrfxffl.exec:\lrfxffl.exe40⤵
- Executes dropped EXE
-
\??\c:\3rxrlfl.exec:\3rxrlfl.exe41⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\5hthbt.exec:\5hthbt.exe43⤵
- Executes dropped EXE
-
\??\c:\1pppj.exec:\1pppj.exe44⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\rrrrxrr.exec:\rrrrxrr.exe46⤵
- Executes dropped EXE
-
\??\c:\9lrrrrl.exec:\9lrrrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnttn.exec:\hbnttn.exe48⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\7xxrllx.exec:\7xxrllx.exe52⤵
- Executes dropped EXE
-
\??\c:\lxrxxrx.exec:\lxrxxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\ntbtbn.exec:\ntbtbn.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\5ttnhb.exec:\5ttnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\7pjjv.exec:\7pjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\5jvvp.exec:\5jvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lffrrfl.exec:\lffrrfl.exe59⤵
- Executes dropped EXE
-
\??\c:\rfllxrx.exec:\rfllxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\nttntt.exec:\nttntt.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe64⤵
- Executes dropped EXE
-
\??\c:\flxrxxf.exec:\flxrxxf.exe65⤵
- Executes dropped EXE
-
\??\c:\nbnttn.exec:\nbnttn.exe66⤵
-
\??\c:\5jpdj.exec:\5jpdj.exe67⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe68⤵
-
\??\c:\lxllffl.exec:\lxllffl.exe69⤵
-
\??\c:\3xfxxrr.exec:\3xfxxrr.exe70⤵
-
\??\c:\nthtbb.exec:\nthtbb.exe71⤵
-
\??\c:\bhthhh.exec:\bhthhh.exe72⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe73⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe74⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe75⤵
-
\??\c:\3lrffxx.exec:\3lrffxx.exe76⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe77⤵
-
\??\c:\7bnbbt.exec:\7bnbbt.exe78⤵
-
\??\c:\htnhtt.exec:\htnhtt.exe79⤵
-
\??\c:\hnbtbt.exec:\hnbtbt.exe80⤵
-
\??\c:\dvddj.exec:\dvddj.exe81⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe82⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe83⤵
-
\??\c:\xllffxf.exec:\xllffxf.exe84⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe85⤵
-
\??\c:\tnbbtn.exec:\tnbbtn.exe86⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe87⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe88⤵
-
\??\c:\lxffffl.exec:\lxffffl.exe89⤵
-
\??\c:\frrlrrl.exec:\frrlrrl.exe90⤵
-
\??\c:\xrrffxl.exec:\xrrffxl.exe91⤵
-
\??\c:\bntntt.exec:\bntntt.exe92⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe93⤵
-
\??\c:\djpvv.exec:\djpvv.exe94⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe95⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe96⤵
-
\??\c:\5flrxrx.exec:\5flrxrx.exe97⤵
-
\??\c:\rxlfrrx.exec:\rxlfrrx.exe98⤵
-
\??\c:\htntbb.exec:\htntbb.exe99⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe100⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe101⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe102⤵
-
\??\c:\rlxflrl.exec:\rlxflrl.exe103⤵
-
\??\c:\5lrfxrx.exec:\5lrfxrx.exe104⤵
-
\??\c:\1lxflll.exec:\1lxflll.exe105⤵
-
\??\c:\btthnt.exec:\btthnt.exe106⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe107⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe108⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe109⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe110⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe111⤵
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe112⤵
-
\??\c:\thbthb.exec:\thbthb.exe113⤵
-
\??\c:\thhnbb.exec:\thhnbb.exe114⤵
-
\??\c:\vdddv.exec:\vdddv.exe115⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe116⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe117⤵
-
\??\c:\5rrfrrf.exec:\5rrfrrf.exe118⤵
-
\??\c:\rlflxrx.exec:\rlflxrx.exe119⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe120⤵
-
\??\c:\btnthn.exec:\btnthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-